Cybercriminals have been quite busy this year, where we are not only seeing a surge in ransomware operators’ activities, but several cyberattacks are leveraging COVID-19 as their threat vectors.
On this instance, Pally Live app has suffered a massive data breach which has exposed sensitive records of over 1.2 million users.
About Pally Live — it is a random video app for live video chat with strangers using video call. On the Google app store, it has over 3000 reviews, and over 1 million downloads have been made thus far.
Cyble researchers confirmed the breach and have verified the data as well per below:
The breach exposed it’s users’ email address, hashed password, Facebook Profiles, Location, mobile number etc. At the time of writing this advisory, we are not aware of this breach been reported to the public.
The breached file is from March 2020.
About Cyble:
Cyble Inc.’s mission is to provide organizations with a real-time view of their supply chain cyber threats and risks. Their SaaS-based solution powered by machine learning and human analysis provides organizations’ insights to cyber threats introduced by suppliers and enables them to respond to them faster and more efficiently.
Cyble strives to be a reliable partner/facilitator to its clients allowing them with unprecedented security scoring of suppliers through cyber intelligence sourced from open and closed channels such as OSINT, the dark web and deep web monitoring and passive scanning of internet presence. Furthermore, the intelligence clubbed with machine learning capabilities fused with human analysis also allows clients to gain real-time cyber threat intel and help build better and stronger resilience to cyber breaches and hacks. Due to the nature of the collected data, the company also offer threat intelligence capabilities out-of-box to their subscribers.
